As one of the last major gTLDs, .mobi has enabled DNSSEC on their registry systems earlier this month. DNSSEC has also been enabled for the Austrian ccTLD .at and its second level domains .co.at and .or.at.
DNSSEC is a technique that uses encryption – which we all know from SSL certificates – to digitally sign a DNS record. That allows the resolver to validate if the answer received actually comes from the server that you expect it to come from and to check if the contents of the record have not been modified during transit. This prevents so-called “DNS poisoning” – a malicious way of inserting incorrect data into the DNS.
Activating DNSSEC for your domains is extremely simple if you use the Openprovider nameservers: just click the “enable DNSSEC” bullet in the control panel and you’re done. If you are using your own nameservers, you will need to sign the zone on those nameservers and copy the required DNSSEC data to Openprovider.